Question

Does anyone have a recommendation on whether or not a logonid/loginid/username (whatever you may refer to it as) should be encrypted in your database?

Until recently we always encrypted passwords, which made sense, but we never encrypted the loginid. A few of my colleagues highlighted that it was just too easy for them to identify a user, blank out their password (or copy it to the clipboard) and log in as that specific user.

Our database is secured. It is only accessible to the NETWORK SERVICE account, an application pool and/or the db owner, so the only people who could potentially do this would be administrators or DBAs.

So my argument was that if you could not have a certain level of trust in these people, you had a bigger issue, but I felt it didn't require your loginid to be encrypted.

Am I right or wrong on this? What are your thoughts?

Thanks.


Solution

You can encrypt usernames/logonids, but I don't think that would add much more security in your context than not encrypting them. If your goal is to prevent admins/DBAs and people who have access to the backend database from impersonating users (by resetting passwords etc.), the best way would probably be to implement multi-factor authentication.

In this scenario, your users would provide multiple authentication parameters, for example:

  • A password, which is hashed or encrypted in the database, plus a token key code, for example one that is time-generated (via a token they would hold), or
  • A password and elements of personal information, for example the first/third/last (these positions change) letters of their security question answer, which would be encrypted in your database.

Also, you may want to consider implementing a robust login/logout audit trail so that suspicious logins can be traced back. This database should maintain its integrity (i.e. admins should not be able to modify its contents easily), and you can achieve that by using checksums and/or storing the audit tables in a database that is accessible by a different group of admins.
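The tamper-evident audit trail the answer describes, as an added example that is not part of the original answer: each login/logout row carries an HMAC chained to the previous row's MAC, and the key plus a sealed "head" (row count and last MAC) are assumed to be held by the second admin group, so an in-place edit, reorder or deletion by a DBA breaks verification. The field names and the demo key are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as the "previous MAC" of the first row


def _row_mac(key: bytes, prev_mac: str, row: dict) -> str:
    # The MAC covers the row's own fields plus the previous row's MAC,
    # so every row is bound to everything that came before it.
    payload = json.dumps(row, sort_keys=True).encode() + prev_mac.encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append_event(key: bytes, trail: list, user: str, event: str, ts: str) -> dict:
    """Append a login/logout row whose MAC is chained to the previous row."""
    prev = trail[-1]["mac"] if trail else GENESIS
    row = {"seq": len(trail), "user": user, "event": event, "ts": ts}
    trail.append({**row, "mac": _row_mac(key, prev, row)})
    return trail[-1]


def head(trail: list) -> tuple:
    """(row count, last MAC): stored with the other admin group to catch truncation."""
    return (len(trail), trail[-1]["mac"] if trail else GENESIS)


def verify_trail(key: bytes, trail: list, expected_head=None) -> tuple:
    """Return (ok, first_bad_seq). A modified, reordered or deleted row breaks the
    chain from that point on; a silently truncated tail is caught by the sealed head."""
    prev = GENESIS
    for i, stored in enumerate(trail):
        row = {k: v for k, v in stored.items() if k != "mac"}
        if row.get("seq") != i or not hmac.compare_digest(stored["mac"], _row_mac(key, prev, row)):
            return False, i
        prev = stored["mac"]
    if expected_head is not None and expected_head != head(trail):
        return False, len(trail)
    return True, None


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # in practice: a secret the DBAs cannot read
    trail = []
    append_event(KEY, trail, "alice", "login", "2024-05-01T08:00:00Z")
    append_event(KEY, trail, "bob", "login", "2024-05-01T08:05:00Z")
    append_event(KEY, trail, "alice", "logout", "2024-05-01T09:00:00Z")
    sealed = head(trail)
    print(verify_trail(KEY, trail, sealed))  # (True, None)
    trail[1]["user"] = "mallory"             # an admin edits a row in place
    print(verify_trail(KEY, trail, sealed))  # (False, 1)
```

The chain only makes tampering detectable, not impossible; the check still has to run from a host and with a key that the audited admins do not control.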

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow